• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Internal Restrictions

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Internal Restrictions Page: [1]
Login
Message << Older Topic   Newer Topic >>
Internal Restrictions - 2.Dec.2003 4:52:00 PM   
dcadywould

 

Posts: 6
Joined: 16.Oct.2003
From: England
Status: offline
Hello,

I decided to test our mail server for open relay etc. I was unable to relay any mail to/from random domains so that appears OK. However, i was able to send fake emails internally, e.g.:

If my domain is @mydomain.com then I could say mail from: randomspammer@mydomain.com and send an email to manager@mydomain.com successfully. How do I restrict this kind of internal spamming?

Thanks
David
Post #: 1
RE: Internal Restrictions - 17.Jan.2004 1:19:00 AM   
koggen

 

Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
Well, its difficult. Email is basically a very simple service and there's really not any good way to make sure that messages like these don't get accepted. Email is like sending a postcard, anyone can send a postcard to your manager and sign it with e.g. your name!

A provision though is that the SMTP server is accessible for your local clients. If all clients use Outlook and connect over RPC then they won't need to connect to your server by smtp and if you limit that access they can't deliver the fake message! Since they are forced to use the access controls in Exchange, when using RPC, you can effectively restrict users from writing from: adresses for which they don't have permission to send-as.

Again, there's a pitfall. Assuming that any external user can email to manager@yourdomain.com a user can still use any other smtp server on the internet (which allows relay) to send fake messages! The only way to protect yourself then would be to write some kind of custom event sink which checks to see if a message from adresses like randomspammer@yourdomain.com to manager@yourdomain.com originates from the internet, in which case it's probably fake, if not then its legitimate.

Basically, you can't prevent this from never happening.

(in reply to dcadywould)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Internal Restrictions Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter